|
1 | | - |
2 | | -# jsp-gcm |
3 | | - |
4 | | -This is the repository that holds the configuration for our Google |
5 | | -Marketplace solution, [jetstack-secure-for-cert-manager][]. |
6 | | - |
7 | | -**Content:** |
8 | | - |
| 1 | +# Jetstack Secure for cert-manager on the Google Cloud Marketplace |
| 2 | + |
| 3 | +<!-- |
| 4 | +Inspiration: |
| 5 | +https://github.com/unleash-hosted/unleash-hosted-gcp-marketplace/blob/master/README.md |
| 6 | +--> |
| 7 | + |
| 8 | +## Overview of Jetstack Secure for cert-manager |
| 9 | + |
| 10 | +TODO: description of jetstack secure |
| 11 | + |
| 12 | +**Contents:** |
| 13 | + |
| 14 | +- [Overview of Jetstack Secure for cert-manager](#overview-of-jetstack-secure-for-cert-manager) |
| 15 | +- [Installation](#installation) |
| 16 | + - [Quick install with Google Cloud Marketplace](#quick-install-with-google-cloud-marketplace) |
| 17 | + - [Command line instructions](#command-line-instructions) |
| 18 | + - [Prerequisites](#prerequisites) |
| 19 | + - [Set up command line tools](#set-up-command-line-tools) |
| 20 | + - [Create a Google Kubernetes Engine cluster](#create-a-google-kubernetes-engine-cluster) |
| 21 | + - [Configure kubectl to connect to the cluster](#configure-kubectl-to-connect-to-the-cluster) |
| 22 | + - [Clone this repo](#clone-this-repo) |
| 23 | + - [Install the Application resource definition](#install-the-application-resource-definition) |
| 24 | + - [Install the application](#install-the-application) |
| 25 | + - [Configure the application with environment variables](#configure-the-application-with-environment-variables) |
9 | 26 | - [Technical considerations](#technical-considerations) |
10 | 27 | - [Installing and manually testing the deployer](#installing-and-manually-testing-the-deployer) |
11 | 28 | - [Testing and releasing the deployer using Google Cloud Build](#testing-and-releasing-the-deployer-using-google-cloud-build) |
12 | 29 | - [Debugging deployer and smoke-tests when run in Cloud Build](#debugging-deployer-and-smoke-tests-when-run-in-cloud-build) |
13 | 30 | - [Updating the upstream cert-manager chart version](#updating-the-upstream-cert-manager-chart-version) |
14 | 31 |
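Review bot: The new Overview section (new line 10) consists only of the placeholder `TODO: description of jetstack secure`, so the first section a Marketplace user reads says nothing about what is being installed. Write the description as part of this change, or leave the heading and its table-of-contents entry out until the text exists.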
|
| 32 | +## Installation |
| 33 | + |
| 34 | +### Quick install with Google Cloud Marketplace |
| 35 | + |
| 36 | +Get up and running with a few clicks! Install the Jetstack Secure for |
| 37 | +cert-manager application to a Google Kubernetes Engine cluster using Google |
| 38 | +Cloud Marketplace. Follow the [on-screen |
| 39 | +instructions](https://console.cloud.google.com/marketplace/details/jetstack/jetstack-secure-for-cert-manager). |
| 40 | + |
| 41 | +### Command line instructions |
| 42 | + |
| 43 | +You can use [Google Cloud Shell](https://cloud.google.com/shell/) or a |
| 44 | +local workstation to complete these steps. |
| 45 | + |
| 46 | +[](https://console.cloud.google.com/cloudshell/editor?cloudshell_git_repo=https://github.com/jetstack/jsp-gcm&cloudshell_working_dir=/) |
| 47 | + |
| 48 | +#### Prerequisites |
| 49 | + |
| 50 | +##### Set up command line tools |
| 51 | + |
| 52 | +You'll need the following tools in your environment. If you are using Cloud Shell, these tools are installed in your environment by default. |
| 53 | + |
| 54 | +- [gcloud](https://cloud.google.com/sdk/gcloud/) |
| 55 | +- [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) |
| 56 | +- [docker](https://docs.docker.com/install/) |
| 57 | +- [openssl](https://www.openssl.org/) |
| 58 | +- [helm](https://helm.sh/docs/using_helm/#installing-helm) |
| 59 | +- [git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git) |
| 60 | + |
| 61 | +Configure `gcloud` as a Docker credential helper: |
| 62 | + |
| 63 | +```sh |
| 64 | +gcloud auth configure-docker |
| 65 | +``` |
| 66 | + |
| 67 | +##### Create a Google Kubernetes Engine cluster |
| 68 | + |
| 69 | +The [workload |
| 70 | +identity](https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity) |
| 71 | +must be enabled on your cluster. To create a cluster that has _workload |
| 72 | +identity_ feature enabled, run the following command: |
| 73 | + |
| 74 | +```sh |
| 75 | +export CLUSTER=jetstack-cluster |
| 76 | +export ZONE=europe-west1-c |
| 77 | + |
| 78 | +gcloud container clusters create $CLUSTER --zone $ZONE \ |
| 79 | + --workload-pool=$(gcloud config get-value project | tr ':' '/').svc.id.goog |
| 80 | +``` |
| 81 | + |
| 82 | +> For an existing cluster, you can turn the feature on (will restart the |
| 83 | +> GKE control plane) with the following command: |
| 84 | +> |
| 85 | +> ```sh |
| 86 | +> gcloud container clusters update $CLUSTER --zone $ZONE \ |
| 87 | +> --workload-pool=$(gcloud config get-value project | tr ':' '/').svc.id.goog |
| 88 | +> ``` |
| 89 | +
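Review bot: In both the `gcloud container clusters create` and `update` commands (new lines 78-79 and 86-87), `$CLUSTER`, `$ZONE` and the `$(gcloud config get-value project | tr ':' '/')` substitution are unquoted, whereas the `get-credentials` command on new line 93 quotes `"$CLUSTER"` and `"$ZONE"`. Quote them consistently. Consider assigning the project to a variable once and checking that it is non-empty, since an empty result would produce `--workload-pool=.svc.id.goog`. A sentence explaining why the `tr ':' '/'` rewrite is needed would also help the reader.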
|
| 90 | +##### Configure kubectl to connect to the cluster |
| 91 | +
|
| 92 | +```sh |
| 93 | +gcloud container clusters get-credentials "$CLUSTER" --zone "$ZONE" |
| 94 | +``` |
| 95 | +
|
| 96 | +##### Clone this repo |
| 97 | + |
| 98 | +Clone this repo and the associated tools repo: |
| 99 | + |
| 100 | +```shell |
| 101 | +git clone https://github.com/jetstack/jsp-gcm |
| 102 | +cd jsp-gcm |
| 103 | +``` |
| 104 | + |
| 105 | +##### Install the Application resource definition |
| 106 | + |
| 107 | +An Application resource is a collection of individual Kubernetes |
| 108 | +components, such as Services, Deployments, and so on, that you can manage |
| 109 | +as a group. |
| 110 | + |
| 111 | +To set up your cluster to understand Application resources, run the |
| 112 | +following command: |
| 113 | + |
| 114 | +```sh |
| 115 | +kubectl apply -f "https://raw.githubusercontent.com/GoogleCloudPlatform/marketplace-k8s-app-tools/master/crd/app-crd.yaml" |
| 116 | +``` |
| 117 | + |
| 118 | +You need to run this command once for each cluster. |
| 119 | + |
| 120 | +The Application resource is defined by the [Kubernetes |
| 121 | +SIG-apps](https://github.com/kubernetes/community/tree/master/sig-apps) |
| 122 | +community. The source code can be found on |
| 123 | +[github.com/kubernetes-sigs/application](https://github.com/kubernetes-sigs/application). |
| 124 | + |
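Review bot: The `kubectl apply -f` command on new line 115 fetches `app-crd.yaml` from the `master` branch of marketplace-k8s-app-tools, so the CRD installed into the cluster can change without any change to this README. Point the URL at a tag or commit of that repository so that what gets applied is what was reviewed. Separately, new line 98 says "Clone this repo and the associated tools repo", but the commands on new lines 101-102 only clone `jsp-gcm`; either drop the mention of the tools repo or add the second clone.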
| 125 | +#### Install the application |
| 126 | + |
| 127 | +##### Configure the application with environment variables |
| 128 | + |
| 129 | +Choose an instance name and |
| 130 | +[namespace](https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/) |
| 131 | +for the application. In most cases, you can use the `default` namespace. |
| 132 | + |
| 133 | +```shell |
| 134 | +export APP_INSTANCE_NAME=jetstack-secure-1 |
| 135 | +export NAMESPACE=default |
| 136 | +``` |
| 137 | + |
| 138 | +Set up the image tag: |
| 139 | + |
| 140 | +It is advised to use a stable image reference which you can find on |
| 141 | +[Marketplace Container Registry](marketplace.gcr.io/jetstack-public/jetstack-secure-for-cert-manager). |
| 142 | + |
| 143 | +Example: |
| 144 | + |
| 145 | +```shell |
| 146 | +export TAG="1.1.0-gcm.1" |
| 147 | +``` |
| 148 | + |
| 149 | +where `1.1.0` stands for the cert-manager version, and `gcm.1` is the |
| 150 | +Google Marketplace build version. |
| 151 | + |
| 152 | +--- |
| 153 | + |
| 154 | +This is the repository that holds the configuration for our Google |
| 155 | +Marketplace solution, [jetstack-secure-for-cert-manager][]. |
| 156 | + |
15 | 157 | ## Technical considerations |
16 | 158 |
|
17 | 159 | **Retagging cert-manager images:** |
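Review bot: The "Install the application" section (new lines 125-150) stops after exporting `APP_INSTANCE_NAME`, `NAMESPACE` and `TAG`; no command that deploys the application follows before the `---` separator on new line 152, so the command line instructions cannot be completed as written. Add the deploy step or state that the section is unfinished. Also, the link target on new line 141, `marketplace.gcr.io/jetstack-public/jetstack-secure-for-cert-manager`, has no scheme, so Markdown renderers will resolve it relative to the README; prefix it with `https://`.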
|